How Boards Can Enhance Technology Oversight to Unlock Potential
Summary
This EY-backed Harvard Forum piece argues that boards must act decisively to guide companies through rapid technological change. Effective technology governance needs clear, timely information from management, higher director tech fluency and structured board conversations. Boards are using a range of models — full board oversight, expanded duties for standing committees (especially audit), dedicated technology committees, or temporary/advisory groups — depending on company needs, board expertise and committee capacity.
The EY review of S&P 500 proxy statements and interviews with directors and executives highlights market trends (tech committees rising from 7% to 13% of S&P 500 boards since 2018), widespread cybersecurity oversight (92% of companies cite it), and a sharp increase in AI being cited in committee responsibilities (from 6% to 20% in a year). The article offers framing questions for boards and lists four expectations technology leaders have of boards.
Key Points
- Boards must balance oversight of technology risk with enabling strategic opportunities; how they do so varies by sector and company maturity.
- Governance options include full-board oversight, assigning responsibilities to existing committees (most often the audit committee), creating stand-alone technology committees, or using ad hoc task forces and advisory groups.
- Prevalence: ~13% of S&P 500 boards now have technology committees; cybersecurity oversight appears in 92% of proxy statements; AI oversight mentions rose from 6% to 20% in a year.
- Choosing the right structure requires frank board conversations about technology maturity, the role of tech in strategy, available expertise and committee bandwidth.
- Technology leaders want boards to engage strategically, treat IT leaders as strategic partners, set technology risk appetite and avoid micromanagement.
Why should I read this?
Short version: if your board still treats tech as just another IT problem, this will nudge you — hard. It’s a practical, no-nonsense guide for directors and chairs on the choices they face, what to ask management, and how to avoid the common traps that either under‑play risk or miss strategic upside. Read it if you want to stop reacting and start shaping tech strategy.
Author style
Punchy — the authors cut straight to what boards must do. The piece mixes hard data (S&P 500 charter reviews) with on-the-ground director and executive insights, so it’s both evidence-based and utility-driven. If you’re responsible for governance, this is high-value reading rather than background noise.
Context and Relevance
The article is timely: boards face accelerating AI deployment, heightened regulatory scrutiny and pervasive cybersecurity threats. Governance structures that worked a few years ago may no longer suffice. The trends noted — more boards creating tech committees, audit committees absorbing tech responsibilities, and rising investor focus on AI oversight — signal a shift in how investors and regulators expect boards to engage with technology issues.
For non-executive directors, general counsel, nominating and governance committees, and CIO/CISO roles, the guidance and framing questions offer an actionable checklist to evaluate whether current oversight arrangements are fit for purpose.